User profile for user: CCC_
CCC_ Author
User level: Level 1
8 points

Accidentally granted Osascript Access

I don’t know if this is the right topic but I accidentally provided Osascript access onto my laptop (maybe to Safari, I’m not entirely sure, I panicked a bit after saying yes instead of do not allow). The combo cleaner free version that I used says that there is no virus detected but I’m concerned that I have downloaded some malware. There haven’t been any applications downloaded so far. This happened less than an hour ago. Any advice on this issue? Thanks in advance.

MacBook Air 13″, macOS 10.14

Posted on Oct 14, 2020 10:12 AM

Reply
Question marked as Top-ranking reply
User profile for user: BDAqua
BDAqua
User level: Level 10
250,259 points

Posted on Oct 14, 2020 10:54 AM

EtreCheck is a FREE simple little diagnostic tool to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac. It will not display any personal info.

https://www.etrecheck.com/


Pastebin is a good place to paste the whole report if you capture the URL while there…

https://pastebin.com/

Whew, they've changed pastebin & made it harder, but after pasting in, click Create new paste button, then Embed button, then copy the URL...

<script src="https://pastebin.com/embed_js/KuvnghqA"></script>


The important part is...


https://pastebin.com/embed_js/KuvnghqA


Workable but harder for me to work with...the Note tool on the bottom of this editor's toolbar, as shown in the image, to copy and paste the output from EtreCheck. In a Reply before you click post, look for this to add longer texts...

View in context

Similar questions

8 replies
Question marked as Top-ranking reply
User profile for user: BDAqua
BDAqua
User level: Level 10
250,259 points

Oct 14, 2020 10:54 AM in response to CCC_

EtreCheck is a FREE simple little diagnostic tool to display the important details of your system configuration and allow you to copy that information to the Clipboard. It is meant to be used with Apple Support Communities to help people help you with your Mac. It will not display any personal info.

https://www.etrecheck.com/


Pastebin is a good place to paste the whole report if you capture the URL while there…

https://pastebin.com/

Whew, they've changed pastebin & made it harder, but after pasting in, click Create new paste button, then Embed button, then copy the URL...

<script src="https://pastebin.com/embed_js/KuvnghqA"></script>


The important part is...


https://pastebin.com/embed_js/KuvnghqA


Workable but harder for me to work with...the Note tool on the bottom of this editor's toolbar, as shown in the image, to copy and paste the output from EtreCheck. In a Reply before you click post, look for this to add longer texts...

Reply
User profile for user: Old Toad
Old Toad
User level: Level 10
215,864 points

Nov 10, 2020 11:19 AM in response to CCC_

Uninstall combocleaner according to the developer's instructions. There is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus or security apps on your Mac.  This user tip describes what you need to know and do to protect your Mac: Effective defenses against malware and other threats - Apple Community   


MalwareBytes and Etrecheck don't fall into those categories and are excellent utilities to have.

Reply
User profile for user: CCC_
CCC_ Author
User level: Level 1
8 points

Oct 14, 2020 5:05 PM in response to BDAqua

So I am kind of clueless as to what the pastebin situation is. I used Combo Cleaner and Malwarebytes and they both said that it was clean. I guess that I was concerned because my computer froze for a min or two after I granted access. I don't know what the URL for EntreCheck is but I found 4 unsigned files, this being one:


Launchd script:~/Library/LaunchAgents/com.valvesoftware.steamclean.plist

Executable:/Users/*****/Library/Application Support/Steam/SteamApps/steamclean Public

Status:Loaded

Install date:2020-10-14 00:54:56

Details:Exact match found in the legitimate list - probably OK


I can also just post the whole EntreCheck report somewhere else too if you help explain the pastebin thing? I'm worried about posting it all on here/don't know what to do really.



[Personal Information Edited by Moderator]

Reply
User profile for user: etresoft
etresoft
User level: Level 9
56,764 points

Oct 14, 2020 5:09 PM in response to CCC_

The only thing in EtreCheck that you should publicly post online is the text report obtained from the "Share" button. It automatically removes any personal information. I've asked the hosts to remove the personal information in your post above.


Can you provide more details about the osascript? Normally this is something that an app might use to perform privileged actions that it otherwise cannot. For example, if you did have malware installed, and asked EtreCheckPro to remove it. EtreCheckPro would use osascript to attempt to delete the malware. In one sense, this is a safe operation because you are providing your password to an Apple tool, not the app that ran the script. But it is still a script and probably still running with administrative access. It was probably fine, but choosing "No" or "Cancel" on those dialogs is always a safe choice.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Accidentally granted Osascript Access

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up